-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1152
        kernel/kernel-rt security, bug fix, and enhancement update
                               7 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
                   kernel-rt
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Increased Privileges            -- Existing Account
                   Overwrite Arbitrary Files       -- Existing Account
                   Denial of Service               -- Existing Account
                   Access Confidential Data        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-27365 CVE-2021-27364 CVE-2021-27363
                   CVE-2021-26708 CVE-2021-3347 CVE-2020-28374
                   CVE-2020-27152 CVE-2020-0466 

Reference:         ESB-2021.0981
                   ESB-2021.0837
                   ESB-2021.0553

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:1093
   https://access.redhat.com/errata/RHSA-2021:1081
   https://access.redhat.com/errata/RHSA-2021:1071
   https://access.redhat.com/errata/RHSA-2021:1070

Comment: This bulletin contains four (4) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2021:1093-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1093
Issue date:        2021-04-06
CVE Names:         CVE-2020-0466 CVE-2020-27152 CVE-2020-28374 
                   CVE-2021-3347 CVE-2021-26708 CVE-2021-27363 
                   CVE-2021-27364 CVE-2021-27365 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* kernel: use after free in eventpoll.c may lead to escalation of privilege
(CVE-2020-0466)

* kernel: SCSI target (LIO) write to any block on ILO backstore
(CVE-2020-28374)

* kernel: Use after free via PI futex state (CVE-2021-3347)

* kernel: race conditions caused by wrong locking in
net/vmw_vsock/af_vsock.c (CVE-2021-26708)

* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)

* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)

* Kernel: KVM: host stack overflow due to lazy update IOAPIC
(CVE-2020-27152)

* kernel: iscsi: unrestricted access to sessions and handles
(CVE-2021-27363)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* race condition when creating child sockets from syncookies (BZ#1915529)

* On System Z, a hash needs state randomized for entropy extraction
(BZ#1915816)

* scsi: target: core_tmr_abort_task() reporting multiple aborts for the
same se_cmd->tag (BZ#1918354)

* [mlx5] VF interface stats are not reflected in "ip -s link show" /
"ifconfig <vf>" commands (BZ#1921060)

* Win10 guest automatic reboot after migration in Win10 and WSL2 on Intel
hosts (BZ#1923281)

* [RHEL 8.3] Repeated messages - Unable to burst-read optrom segment
(BZ#1924222)

* Backport bug fix RDMA/umem: Prevent small pages from being returned by
ib_umem_find_best_pgsz (BZ#1924691)

* [Cisco 8.3] RHEL/Cent 8.2 fNIC driver needs a patch fix that addresses
crash (BZ#1925186)

* RHEL8.3 - The kernel misdetects zCX with z/VM (BZ#1925508)

* Backport 22e4663e91 ("mm/slub: fix panic in slab_alloc_node()")
(BZ#1925511)

* SCTP "Address already in use" when no active endpoints from RHEL 8.2
onwards (BZ#1927521)

* lpfc: Fix initial FLOGI failure due to BBSCN not supported  (BZ#1927921)

* [mm] mm, oom: remove oom_lock from oom_reaper (BZ#1929738)

* Unexpected thread movement with AMD Milan compared to Rome (BZ#1929740)

* rpmbuild cannot build the userspace RPMs in the kernel package when the
kernel itself is not built (BZ#1929910)

* [Regression] RHEL8.2 - ISST-LTE:pVM:diapvmlp83:sum:memory DLPAR fails to
add memory on multiple trials[mm/memory_hotplug.c:1163] (mm-) (BZ#1930168)

* Configuring the system with non-RT kernel will hang the system
(BZ#1930735)

* Upstream Patch for Gracefully handle DMAR units with no supported address
widthsx86/vt-d (BZ#1932199)

* gfs2: Deadlock between gfs2_{create_inode,inode_lookup} and
delete_work_func (BZ#1937109)

* Failing on tsx-ctrl when the flag doesn't change anything (BZ#1939013)

Enhancement(s):

* RFE: Backport all Audit enhancements and fixes up to version 5.10-rc1
(BZ#1907520)

* RHEL8.4: Update the target driver (BZ#1918363)

* [Mellanox 8.4 FEAT] mlx5: Hairpin Support in Switch Mode (BZ#1924689)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1888886 - CVE-2020-27152 Kernel: KVM: host stack overflow due to lazy update IOAPIC
1899804 - CVE-2020-28374 kernel: SCSI target (LIO) write to any block on ILO backstore
1920480 - CVE-2020-0466 kernel: use after free in eventpoll.c may lead to escalation of privilege
1922249 - CVE-2021-3347 kernel: Use after free via PI futex state
1925588 - CVE-2021-26708 kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c
1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem
1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles
1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
kernel-4.18.0-240.22.1.el8_3.src.rpm

aarch64:
bpftool-4.18.0-240.22.1.el8_3.aarch64.rpm
bpftool-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-core-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-cross-headers-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debug-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debug-core-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debug-devel-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debug-modules-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debug-modules-extra-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-devel-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-headers-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-modules-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-modules-extra-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-tools-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-tools-libs-4.18.0-240.22.1.el8_3.aarch64.rpm
perf-4.18.0-240.22.1.el8_3.aarch64.rpm
perf-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm
python3-perf-4.18.0-240.22.1.el8_3.aarch64.rpm
python3-perf-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm

noarch:
kernel-abi-whitelists-4.18.0-240.22.1.el8_3.noarch.rpm
kernel-doc-4.18.0-240.22.1.el8_3.noarch.rpm

ppc64le:
bpftool-4.18.0-240.22.1.el8_3.ppc64le.rpm
bpftool-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-core-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-cross-headers-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debug-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debug-core-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debug-devel-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debug-modules-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-devel-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-headers-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-modules-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-modules-extra-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-tools-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-tools-libs-4.18.0-240.22.1.el8_3.ppc64le.rpm
perf-4.18.0-240.22.1.el8_3.ppc64le.rpm
perf-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm
python3-perf-4.18.0-240.22.1.el8_3.ppc64le.rpm
python3-perf-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm

s390x:
bpftool-4.18.0-240.22.1.el8_3.s390x.rpm
bpftool-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-core-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-cross-headers-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-debug-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-debug-core-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-debug-devel-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-debug-modules-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-debug-modules-extra-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-devel-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-headers-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-modules-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-modules-extra-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-tools-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-zfcpdump-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-zfcpdump-core-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-zfcpdump-devel-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-zfcpdump-modules-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-240.22.1.el8_3.s390x.rpm
perf-4.18.0-240.22.1.el8_3.s390x.rpm
perf-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm
python3-perf-4.18.0-240.22.1.el8_3.s390x.rpm
python3-perf-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm

x86_64:
bpftool-4.18.0-240.22.1.el8_3.x86_64.rpm
bpftool-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-core-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-cross-headers-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debug-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debug-core-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debug-devel-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debug-modules-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debug-modules-extra-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-devel-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-headers-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-modules-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-modules-extra-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-tools-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-tools-libs-4.18.0-240.22.1.el8_3.x86_64.rpm
perf-4.18.0-240.22.1.el8_3.x86_64.rpm
perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
python3-perf-4.18.0-240.22.1.el8_3.x86_64.rpm
python3-perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:
bpftool-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-tools-libs-devel-4.18.0-240.22.1.el8_3.aarch64.rpm
perf-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm
python3-perf-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm

ppc64le:
bpftool-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-240.22.1.el8_3.ppc64le.rpm
perf-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm
python3-perf-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm

x86_64:
bpftool-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-tools-libs-devel-4.18.0-240.22.1.el8_3.x86_64.rpm
perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
python3-perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-0466
https://access.redhat.com/security/cve/CVE-2020-27152
https://access.redhat.com/security/cve/CVE-2020-28374
https://access.redhat.com/security/cve/CVE-2021-3347
https://access.redhat.com/security/cve/CVE-2021-26708
https://access.redhat.com/security/cve/CVE-2021-27363
https://access.redhat.com/security/cve/CVE-2021-27364
https://access.redhat.com/security/cve/CVE-2021-27365
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.


- --------------------------------------------------------------------------------


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2021:1081-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1081
Issue date:        2021-04-06
CVE Names:         CVE-2020-0466 CVE-2020-27152 CVE-2020-28374 
                   CVE-2021-3347 CVE-2021-26708 CVE-2021-27363 
                   CVE-2021-27364 CVE-2021-27365 
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time (v. 8) - x86_64
Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use after free in eventpoll.c may lead to escalation of privilege
(CVE-2020-0466)

* kernel: SCSI target (LIO) write to any block on ILO backstore
(CVE-2020-28374)

* kernel: Use after free via PI futex state (CVE-2021-3347)

* kernel: race conditions caused by wrong locking in
net/vmw_vsock/af_vsock.c (CVE-2021-26708)

* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)

* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)

* Kernel: KVM: host stack overflow due to lazy update IOAPIC
(CVE-2020-27152)

* kernel: iscsi: unrestricted access to sessions and handles
(CVE-2021-27363)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt possible livelock: WARNING: CPU: 28 PID: 3109 at
kernel/ptrace.c:242 ptrace_check_attach+0xdd/0x1a0 (BZ#1925308)

* kernel-rt: update RT source tree to the RHEL-8.3.z3 source tree
(BZ#1926369)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1888886 - CVE-2020-27152 Kernel: KVM: host stack overflow due to lazy update IOAPIC
1899804 - CVE-2020-28374 kernel: SCSI target (LIO) write to any block on ILO backstore
1920480 - CVE-2020-0466 kernel: use after free in eventpoll.c may lead to escalation of privilege
1922249 - CVE-2021-3347 kernel: Use after free via PI futex state
1925588 - CVE-2021-26708 kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c
1926369 - kernel-rt: update RT source tree to the RHEL-8.3.z3 source tree
1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem
1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles
1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module

6. Package List:

Red Hat Enterprise Linux Real Time for NFV (v. 8):

Source:
kernel-rt-4.18.0-240.22.1.rt7.77.el8_3.src.rpm

x86_64:
kernel-rt-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-core-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-debug-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-debug-core-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-debug-devel-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-debug-kvm-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-debug-modules-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-debuginfo-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-devel-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-kvm-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-modules-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-modules-extra-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm

Red Hat Enterprise Linux Real Time (v. 8):

Source:
kernel-rt-4.18.0-240.22.1.rt7.77.el8_3.src.rpm

x86_64:
kernel-rt-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-core-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-debug-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-debug-core-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-debug-devel-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-debug-modules-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-debuginfo-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-devel-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-modules-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm
kernel-rt-modules-extra-4.18.0-240.22.1.rt7.77.el8_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-0466
https://access.redhat.com/security/cve/CVE-2020-27152
https://access.redhat.com/security/cve/CVE-2020-28374
https://access.redhat.com/security/cve/CVE-2021-3347
https://access.redhat.com/security/cve/CVE-2021-26708
https://access.redhat.com/security/cve/CVE-2021-27363
https://access.redhat.com/security/cve/CVE-2021-27364
https://access.redhat.com/security/cve/CVE-2021-27365
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.


- --------------------------------------------------------------------------------


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2021:1071-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1071
Issue date:        2021-04-06
CVE Names:         CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)

* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)

* kernel: iscsi: unrestricted access to sessions and handles
(CVE-2021-27363)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* Customer testing eMMC sees and intermittent boot problem on 7.8+, was not
seen on 7.3 (BZ#1918916)

* tcm loopback driver causes double-start of scsi command when work is
delayed (BZ#1925652)

* [Azure][RHEL-7]Mellanox Patches To Prevent Kernel Hang In MLX4
(BZ#1925691)

* A patch from upstream c365c292d059 causes us to end up leaving
rt_nr_boosted in an inconsistent state, which causes a hard lockup.
(BZ#1928082)

* [RHEL7.9.z] Add fix to update snd_wl1 in bulk receiver fast path
(BZ#1929804)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem
1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles
1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-1160.24.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1160.24.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.24.1.el7.noarch.rpm

x86_64:
bpftool-3.10.0-1160.24.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.24.1.el7.x86_64.rpm
perf-3.10.0-1160.24.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.24.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-1160.24.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1160.24.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.24.1.el7.noarch.rpm

x86_64:
bpftool-3.10.0-1160.24.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.24.1.el7.x86_64.rpm
perf-3.10.0-1160.24.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.24.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-1160.24.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1160.24.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.24.1.el7.noarch.rpm

ppc64:
bpftool-3.10.0-1160.24.1.el7.ppc64.rpm
bpftool-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-debug-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-devel-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-headers-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-tools-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-1160.24.1.el7.ppc64.rpm
perf-3.10.0-1160.24.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
python-perf-3.10.0-1160.24.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm

ppc64le:
bpftool-3.10.0-1160.24.1.el7.ppc64le.rpm
bpftool-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-debug-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-devel-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-headers-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-tools-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-1160.24.1.el7.ppc64le.rpm
perf-3.10.0-1160.24.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
python-perf-3.10.0-1160.24.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm

s390x:
bpftool-3.10.0-1160.24.1.el7.s390x.rpm
bpftool-debuginfo-3.10.0-1160.24.1.el7.s390x.rpm
kernel-3.10.0-1160.24.1.el7.s390x.rpm
kernel-debug-3.10.0-1160.24.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-1160.24.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-1160.24.1.el7.s390x.rpm
kernel-devel-3.10.0-1160.24.1.el7.s390x.rpm
kernel-headers-3.10.0-1160.24.1.el7.s390x.rpm
kernel-kdump-3.10.0-1160.24.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-1160.24.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-1160.24.1.el7.s390x.rpm
perf-3.10.0-1160.24.1.el7.s390x.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.s390x.rpm
python-perf-3.10.0-1160.24.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.s390x.rpm

x86_64:
bpftool-3.10.0-1160.24.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.24.1.el7.x86_64.rpm
perf-3.10.0-1160.24.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
bpftool-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-1160.24.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm

ppc64le:
bpftool-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-1160.24.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm

x86_64:
bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.24.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-1160.24.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1160.24.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.24.1.el7.noarch.rpm

x86_64:
bpftool-3.10.0-1160.24.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.24.1.el7.x86_64.rpm
perf-3.10.0-1160.24.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.24.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-27363
https://access.redhat.com/security/cve/CVE-2021-27364
https://access.redhat.com/security/cve/CVE-2021-27365
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----


- --------------------------------------------------------------------------------


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2021:1070-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1070
Issue date:        2021-04-06
CVE Names:         CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for Real Time (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)

* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)

* kernel: iscsi: unrestricted access to sessions and handles
(CVE-2021-27363)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* RHEL7.9 Realtime crashes due to a blocked task detection. The blocked
task is stuck in unregister_shrinker() where multiple tasks have taken the
shrinker_rwsem and are fighting on a dentry's d_lockref lock rt_mutex.
[kernel-rt] (BZ#1935557)

* kernel-rt: update to the latest RHEL7.9.z5 source tree (BZ#1939220)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.
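
An added check, not part of the Red Hat or AusCERT text: because the update only takes effect after a reboot, this compares the running kernel release (not the installed package) against the fixed 3.10.0-1160.24.1 build named in the package lists. The function names and the assumption that later el7 builds keep the fix are this example's own.

```shell
#!/bin/sh
# Fixed build from this bulletin's package lists:
#   kernel-3.10.0-1160.24.1.el7, kernel-rt-3.10.0-1160.24.1.rt56.1161.el7
FIXED_REL="1160.24.1"

# num_prefix RELEASE: leading numeric fields of the release part, e.g.
# "3.10.0-1160.24.1.rt56.1161.el7.x86_64" -> "1160 24 1"
num_prefix() {
    rest=${1#*-}; out=""
    while [ -n "$rest" ]; do
        field=${rest%%.*}
        case "$field" in ''|*[!0-9]*) break ;; esac   # stop at rt56/el7/arch
        out="$out $field"
        case "$rest" in *.*) rest=${rest#*.} ;; *) rest="" ;; esac
    done
    echo "${out# }"
}

# kernel_status RELEASE: prints fixed | needs-update | not-applicable
# Assumption: el7 builds later than the fixed one keep the fix.
kernel_status() {
    case "$1" in
        3.10.0-*.el7*) ;;                      # RHEL 7 kernel / kernel-rt
        *) echo "not-applicable"; return 0 ;;
    esac
    set -- $(num_prefix "$1") 0 0 0            # pad missing fields with 0
    h1=$1; h2=$2; h3=$3
    set -- $(echo "$FIXED_REL" | tr . ' ')
    for pair in "$h1:$1" "$h2:$2" "$h3:$3"; do
        h=${pair%%:*}; w=${pair##*:}
        if [ "$h" -gt "$w" ]; then echo "fixed"; return 0; fi
        if [ "$h" -lt "$w" ]; then echo "needs-update"; return 0; fi
    done
    echo "fixed"
}

# Judge the kernel that is actually running: a host with the new package
# installed but not yet rebooted still reports the old release here.
running=$(uname -r)
echo "running kernel $running: $(kernel_status "$running")"
```
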

5. Bugs fixed (https://bugzilla.redhat.com/):

1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem
1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles
1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:
kernel-rt-3.10.0-1160.24.1.rt56.1161.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-1160.24.1.rt56.1161.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm

Red Hat Enterprise Linux for Real Time (v. 7):

Source:
kernel-rt-3.10.0-1160.24.1.rt56.1161.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-1160.24.1.rt56.1161.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-27363
https://access.redhat.com/security/cve/CVE-2021-27364
https://access.redhat.com/security/cve/CVE-2021-27365
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----